CVE-2022-0497 Out-of-bounds memory access in comment parser.

Public issue: #4043 Fix in master branch: #4044
openscad · Feb 5, 2022 · 84addf3 · 84addf3
1 parent 00a4692
commit 84addf3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/comment.cpp b/src/comment.cpp
@@ -92,7 +92,7 @@ static std::string getComment(const std::string &fulltext, int line)
 	}
 
 	int end = start + 1;
-	while (fulltext[end] != '\n') end++;
+	while (end < fulltext.size() && fulltext[end] != '\n') end++;
 
 	std::string comment = fulltext.substr(start, end - start);